In an IMS network, a user equipment (UE) typically comprises an Internet Protocol Private Branch Exchange (IP PBX) coupled to one or more terminals, such as an IP phone. The IP PBX is a type of endpoint in an IMS network which is used to connect terminals (e.g. IP phones) to the Public Switched Telephone Network via TCP/IP. The UE must register with the network before it can make and receive calls via the network. During this registration process, the UE is challenged to prove it belongs to the user whose identity it is registering as. If the UE cannot respond to the challenge correctly the registration fails and the UE is denied service by the IMS network.
IMS networks and entities within an IMS network use standard communication protocols to provide a UE with a service. In particular, IMS networks use the Session Initiation Protocol (SIP) for signalling and for controlling communication between entities in the network. SIP is commonly used for voice and video calls using IP-phones or over IP networks (such as IMS).
Typically, an IMS network has one or more SIP servers or proxies which are used to process SIP signalling packets in the network, and are collectively known as Call Session Control Function (CSCF) proxies or servers. A proxy CSCF (P-CSCF) is such a SIP server, and is usually the first point of contact for an IMS UE (i.e. an IP PBX coupled to one or more terminals). As part of the UE registration process, a P-CSCF will establish some sort of security association with the UE. Non-registration requests (such as call requests) are blocked at the P-CSCF unless they come in on such an association. Thus, the P-CSCF functions to, among other things, observe the authentication flows in the IMS network to determine if it can trust the UE and, if so, sets up the security association so that further SIP messages from the trusted UE are permitted.
A Serving CSCF (S-CSCF) server is another a SIP server and is generally used to perform session control between UEs for example. One function it performs is to issue the challenge to the UE, which it does by talking to a Home Subscriber Server (HSS), which comprises a master user database that supports the IMS entities which handle calls, and stores the entity's authentication credentials. Non-registration requests received by the S-CSCF via the P-CSCF are not challenged by the S-CSCF, since the P-CSCF has already verified that they should be trusted (and because the S-CSCF implicitly trusts the P-CSCF).
The security association can take several forms, which have different security characteristics. At the most secure level, the P-CSCF may establish an IPsec tunnel or TLS connection to the UE, which is difficult for a malicious third party to subvert. Alternatively, the P-CSCF may track the TCP connection to the UE as having been authenticated, and may permit subsequent requests on that connection. In a less secure alternative, the P-CSCF may track the IP address and port that the UE used for registration, and allow subsequent requests from that address and port, but this is quite easy for a malicious UE to forge.
As the security association may be quite weak, the IMS standard allows the S-CSCF to challenge non-registration requests at its own discretion, but only if the subscriber is currently registered and only if the subscriber uses a particular type of authentication (i.e. SIP digest authentication).
An Internet Protocol Private Branch Exchange (IP PBX) is a particular type of endpoint which is widely used by businesses and used to connect telephone extensions to the Public Switched Telephone Network via TCP/IP. An IP PBX uses SIP to talk to the ‘core’ of an IMS network, but an IP PBX often lacks the ability to register with the network. This means an IP PBX does not have a way of setting up a security association with the P-CSCF, and consequently, cannot make calls. Such an IP PBX is known as a non-registering PBX.
The present applicant has recognised the need for a system and method to handle non-registration requests (e.g. call requests) from non-registering PBXs.